Aug 13, 2013

Let's start where we left in Part 1. In this post our main Goal will be to create Dynamic Oath Header for authorizing an API request. We already created Oath Header using shamApp Application and get our latest tweet but this is not our permanent solution .

Now Create Time Stamp and Oath nonce:Note: We can also create Timestamp using now() function too but I suggest you to first convert into GMT format time and then to epoch time.

Now lets move to create Signing Key and Signing base string(Message) using Percent Encoding which will be used to create Oath Signature using HMAC-SHA1 Encryption.

So our Signature Key and Signature base string(secret message) is ready. Lets pass these two to our function called HmacSHA1 encryption to get Oath Signature."There is no MAC function Included in CF 9 but CF 10 provides HMAC function to achieve this. So Let's do it in CF 9 using MAC and Secret Key class provided by JAVA to achieve it"

So our Final step is to create Oath Header and send this Oath Header via HTTP request to User Timeline API to get our latest tweet post.

This HTTP request will give our recent tweeter posts along with lots of details associated with it in JSON format. To see our Twitter post we have to first deserialise this JSON response.

So we get our final o/p of latest Tweets posted by user. So now you can display latest tweet in web pages. This is same result which we got from shamApp application in part1

Recently Twitter Published API V 1.1 in June 2013.
Twitter has made lots of changes in it to increase security Level to prevent malicious use of the Twitter API. New API requires authentication on every API endpoint, that means every request to the API will be authenticated. Most Important they have dropped XML, Atom, and RSS support and only functional with JSON support.
To know more about API v1.1. Please visit https://dev.twitter.com/docs/api/1.1/overview

In one of my Project I was showing Latest Twitter Post using RSS feed.
In June my client noticed that her Twitter Post are not displaying. In result I checked my code and found that.
RSS Feed URL:https://api.twitter.com/1/statuses/user_timeline.rss?screen_name=shamtwit
through an error "The Twitter REST API v1 is no longer active. "
This situation results me to explore API V 1.1 and to write this Blog.

So, let's start. As we discuss earlier new API V 1.1 needs Oath Authentication and will be fulfilled by creating an application in Twitter Account.1. Go to https://dev.twitter.com/apps, login with your twitter account.
2. Click on "Create a New Application button". Fill necessary details. (Website Field is must but we are not going to use as a source to create tweets for our application. Just add any local URL).

6. Oath Signature is created now (Valid for few minutes). Let's review two imp results Signature based String : This will be used to create Oath Signature using HMAC-SHA1
encryption which in-turn help us to create our Oath Header.Oath Header : Oath Header will be used to pass authorization request to User Time line API to get
recent tweet posted by user.
To explore more on Authorization, Please visit : https://dev.twitter.com/docs/auth/authorizing-request

Above 6 steps finishes our Application Setup Creation, You just need to note down your Oath Settings to create Signature Based String, Oath Signature and Oath Header. Lets Check whether Oath Header created by mySham Application able to get latest twitter post or not by posting HTTP request to User Timeline API.

User Time Line API: https://api.twitter.com/1.1/statuses/user_timeline.json

HTTP Method: GET

HTTP Parameters: Count,user_id,Oath Header(created above)

Note: Be careful to give these parameters correct. If its wrong then Unauthorized access may come.

Let's see response Header of this HTTP request

<cfdump var="#cfhttp.responseheader#">

So our HTTP request to User Time Line is success with Status 200 OK.

Lets see what we get in File Content.

<cfoutput>#cfhttp.fileContent#</cfoutput>

You can see our data in JSON format. We have to Deserialize this JSON format to see our tweet post.

Not only you can get Latest Tweet from User Timeline but It also contains lot of Information like Date creation, Hash tags, comments etc..

Q: Can we use this Response Header created by shamApp to get latest tweets every time we make request to UserTimeLine API ?

Answer is No. (When you run same code after an hr. It will show an error "Time Stamp Out of Bound")

When you check Response Header you will see Oath_nonce,oath_TimeStamp and Oath_Signature which are not present while creating Application Settings. These 3 makes API v 1.1 more secure as these values are not same on each request. Oath_nonce(random 32 bytes of random data), Oath_TimeStamp(Timstamp value when request was created) and Oath_Signature (Created using HMAC-SHA1 encryption by passing Signature
base string and Signature Key) are dynamic and It combines with some other oath settings to make Oath Header.

So we have to do all this process though code base to achieve this.

Let's move on to my next Blog where we crate dynamic Oath Header for each request to be passed to get Latest Tweet